Share
## https://sploitus.com/exploit?id=D33B3970-3577-591E-A511-663051F282B8
### Parameters
- `-f`: File to scan (default: `urls.txt`)
- `-f`: File to scan (file path): Specify custom files to scan.
- `-t`: Thread count
- `--timeout`: Timeout value
- `-o`: Output file name
- `-q`: Quiet mode (only outputs vulnerability URLs)
- `-c`: Command to execute (default: `whoami`)
- `-c`: Command to execute (file path): Specify custom commands to execute.
| Parameter | Description | Default Value |
|----------|--------------|-------------|
| `-f, --file` | URL list file | urls.txt |
| `-u, --url` | Single target URL | - |
| `-t, --threads` | Concurrent threads | 20 |
| `--timeout` | Request timeout (seconds) | 10 |
| `-o, --output` | Output CSV file | results.csv |
| `-c, --command` | Command to execute | id |
| `-q, --quiet` | Quiet mode | false |
## URL File Format
One URL per line, for example:
```
http://192.168.1.10:3000
http://192.168.1.11:3000
```
## Output Example
```
+---------------------------------------------------------------+
| ### ## ####### ## ## ######## ## ####### |
| #### ## ## ## ## ## ## ## |
| ## ## ## ##### ### ## ## ####### |
| ## #### ## ## ## ## ## ## ## |
| ## ### ####### ## ## ## #### ####### |
| |
| CVE-2025-55182 RCE Scanner |
+---------------------------------------------------------------+
============================================================
[ CONFIGURATION ]
============================================================
> Targets: 10
> Threads: 20
> Command: id
============================================================
[ SCANNING ]
============================================================
[14:30:25] [VULN] http://192.168.1.10:3000
'--> uid=1000(www-data)
[14:30:26] [SAFE] http://192.168.1.11:3000
+==========================================================+
| SCAN COMPLETE |
+==========================================================+
| Total Targets : 10 |
| Vulnerable : 1 |
| Safe : 9 |
| Errors : 0 |
+==========================================================+
```
## Output File
The scan results are saved as a CSV file, containing the following fields:
- `url` - Target URL
- `status` - HTTP status code
- `vulnerable` - Whether a vulnerability exists
- `output` - Output from the command execution
- `error` - Error message
## Disclaimer
This tool is intended only for authorized security testing purposes. Do not use it for illegal purposes. The user must bear all related responsibilities.
[source-iocs-preserved url=http://192.168.1.100:3000,http://target.com ipv4=192.168.1.100]